10 Ways Businesses Fail at Insider Threat Detection
-
Bad Behavior
74% of respondents are primarily concerned about the threat from negligent or malicious employees, but 45% don't know how much they plan to spend on insider threat technology in the next 12 months. -
Falling Short
47% of respondents do not have specific knowledge of their spending on insider threats. -
Budget Shortfalls
44% of respondents spend 10% or less of their IT budgets on insider threats. -
Blindsided
52% of respondents do not have a clue about the cost of losses from insider threats. Only 19% believe losses would total more than $5 million, which is in line with industry research. -
Confidence Outweighs Prevention
68% of respondents believe they have the ability to prevent or stop an insider incident/attack. However, 75% of insider crimes go unreported and are not prosecuted due to a lack of evidence, according to the "2014 U.S. State of Cybercrime Survey." -
Security Holes
90% of respondents said they rely on administrative solutions such as policies and procedures to deal with the problem, but lack the technologies to monitor compliance and enforcement. Meanwhile, 36% said their prevention measures are not effective. -
Big Obstacles
51% said a lack of training was the biggest factor limiting their companies' ability to deal with insider threats, followed by a lack of budget (43%), lack of staff (40%) and lack of technology solutions (40%). -
Attitude Adjustment Required
28% of respondents said preventing or deterring insider threats was not a priority for their organizations. -
Bad Planning
31% said they have no formal incident report (IR) plan or are unsure if one exists. Of the 69% who said they have IR plans, about half do not have special provisions for insider attacks. -
Slow Response
Only 10% of respondents have detected insider attacks within an hour. Detection times ranged from less than one hour to more than one year.
What Partners Need to Know About HP, Inc. 
MSPs Face Big Cybersecurity Talent Gap 
Why Tech Companies Are Eager to Invest in 5G 
The Problem With Partner Referral Programs 
Microsoft Taps Channel for Digital Business 
New Technologies Will Fuel Channel Opportunities 
Channel's Transition to the Cloud Requires More Time 
Microsoft's Cloud Channel Begins to Mature 
Defining MSPs' Goals, Challenges and Tools 
Why Metrics Matter to the Channel Many organizations are vulnerable to attack because they lack the tools to prevent and detect insider threats, according to a recent SANS Institute study, sponsored by SpectorSoft. Nearly three-fourths of the 772 IT security professionals surveyed are concerned about threats from negligent or malicious employees, but almost half don't know how much they spend on insider threats. The majority are concerned about data loss, including compromised personally identifiable information (67%), damage to reputation (54%) and revealing confidential business information (51%), yet the study finds serious gaps in protecting against these threats. A look at the top six industries in the survey, including technology/IT services, showed that it took organizations from 12 to 48 days to detect an insider breach and from less than one day to 60 days to respond. Many organizations lack the budget and staff to implement and maintain prevention/detection tools; this creates opportunities for managed security services providers to help these businesses develop, implement and maintain a security plan. Here are 10 key findings from the survey.